Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da7ccf05 by security tracker role at 2020-09-16T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-25625
+ RESERVED
+CVE-2020-25624
+ RESERVED
+CVE-2020-25623
+ RESERVED
+CVE-2020-25622
+ RESERVED
+CVE-2020-25621
+ RESERVED
+CVE-2020-25620
+ RESERVED
+CVE-2020-25619
+ RESERVED
+CVE-2020-25618
+ RESERVED
+CVE-2020-25617
+ RESERVED
+CVE-2020-25616
+ RESERVED
+CVE-2020-25615
+ RESERVED
+CVE-2020-25614 (xmlquery before 1.3.1 lacks a check for whether a LoadURL
response is ...)
+ TODO: check
+CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for
Perl. DBD: ...)
+ TODO: check
CVE-2020-25613
RESERVED
CVE-2020-25612
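Review bot: CVE-2014-10402 in this first hunk is added with only `TODO: check`, although its description names the DBI module for Perl, which this same commit tracks as libdbi-perl under CVE-2020-14393 and CVE-2020-14392 (both recorded as fixed in 1.643-1). The description here says "through 1.643", while those two say "< 1.643", so the fixed version cannot simply be copied over; the entry needs its own `- libdbi-perl` line with a status that reflects 1.643 being in range. CVE-2020-25614 (xmlquery) also needs a package line or a NOT-FOR-US tag before its TODO is dropped.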
@@ -98,8 +124,8 @@ CVE-2020-25561
RESERVED
CVE-2020-25560
RESERVED
-CVE-2020-25559
- RESERVED
+CVE-2020-25559 (gnuplot 5.5 is affected by double free when executing
print_set_output ...)
+ TODO: check
CVE-2020-25558
RESERVED
CVE-2020-25557
@@ -392,8 +418,8 @@ CVE-2020-25414
RESERVED
CVE-2020-25413
RESERVED
-CVE-2020-25412
- RESERVED
+CVE-2020-25412 (gnuplot 5.4 is affected by a segmentation fault in com_line ()
at comm ...)
+ TODO: check
CVE-2020-25411
RESERVED
CVE-2020-25410
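Review bot: CVE-2020-25412 here and CVE-2020-25559 in the previous hunk both name gnuplot and are both left at `TODO: check`, yet their descriptions cite different versions (5.4 for the segmentation fault in com_line (), 5.5 for the double free in print_set_output). Triage them together and give each its own gnuplot package line, so the per-release status reflects the version each description names rather than one shared assumption.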
@@ -1205,12 +1231,10 @@ CVE-2020-25042 (An arbitrary file upload issue exists
in Mara CMS 7.5. In order
NOT-FOR-US: Mara CMS
CVE-2020-25041
RESERVED
-CVE-2020-25040 [Insecure permissions on build temporary rootfs]
- RESERVED
+CVE-2020-25040 (Sylabs Singularity through 3.6.2 has Insecure Permissions on
temporary ...)
- singularity-container <unfixed> (bug #970465)
NOTE:
https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762
-CVE-2020-25039 [Insecure permissions on user namespace / fakeroot temporary
rootfs]
- RESERVED
+CVE-2020-25039 (Sylabs Singularity 3.2.0 through 3.6.2 has Insecure
Permissions on tem ...)
- singularity-container <unfixed> (bug #970465)
NOTE:
https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7
CVE-2020-25038
@@ -1261,8 +1285,8 @@ CVE-2020-25018
RESERVED
CVE-2020-25017
RESERVED
-CVE-2020-25015
- RESERVED
+CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely.
Genexis ...)
+ TODO: check
CVE-2020-25014
RESERVED
CVE-2020-25013
@@ -1529,11 +1553,11 @@ CVE-2020-24893
CVE-2020-24892
RESERVED
CVE-2020-24891
- RESERVED
-CVE-2020-24890
- RESERVED
-CVE-2020-24889
- RESERVED
+ REJECTED
+CVE-2020-24890 (libraw 20.0 has a null pointer dereference vulnerability in
parse_tiff ...)
+ TODO: check
+CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version < 20.0
LibRaw::Ge ...)
+ TODO: check
CVE-2020-24888
RESERVED
CVE-2020-24887
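Review bot: CVE-2020-24890 and CVE-2020-24889 are both left at `TODO: check`, and the two descriptions bound the affected versions differently: "libraw 20.0" for the null pointer dereference in parse_tiff and "LibRaw version < 20.0" for the buffer overflow. When the package lines are written, record a fixed version per CVE instead of reusing one value for both. The switch of CVE-2020-24891 from RESERVED to REJECTED in the same hunk needs no follow-up entry.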
@@ -23737,13 +23761,11 @@ CVE-2020-14395
RESERVED
CVE-2020-14394
RESERVED
-CVE-2020-14393
- RESERVED
+CVE-2020-14393 (A buffer overflow was found in perl-DBI < 1.643 in DBI.xs.
A local ...)
- libdbi-perl 1.643-1
[buster] - libdbi-perl <no-dsa> (Minor issue)
NOTE:
https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b
-CVE-2020-14392
- RESERVED
+CVE-2020-14392 (An untrusted pointer dereference flaw was found in Perl-DBI
< 1.643 ...)
- libdbi-perl 1.643-1
[buster] - libdbi-perl <no-dsa> (Minor issue)
NOTE:
https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1
@@ -23769,8 +23791,7 @@ CVE-2020-14387 [rsync-ssl does not verify the hostname
in the server certificate
NOTE: Introduced by:
https://git.samba.org/?p=rsync.git;a=commitdiff;h=2a87d78f693f10fe5ad13af0bb9311bd3714077d
(v3.2.0pre1)
NOTE: Fixed by:
https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549
-CVE-2020-14386 [af_packet memory corruption]
- RESERVED
+CVE-2020-14386 (A flaw was found in the Linux kernel before 5.9-rc4. Memory
corruption ...)
- linux 5.8.7-1
NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3
CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure
of the ...)
@@ -23781,8 +23802,7 @@ CVE-2020-14384 (A flaw was found in JBossWeb in
versions before 7.5.31.Final-red
NOT-FOR-US: JBossWeb
CVE-2020-14383
RESERVED
-CVE-2020-14382
- RESERVED
+CVE-2020-14382 (A vulnerability was found in upstream release cryptsetup-2.2.0
where, ...)
- cryptsetup 2:2.3.4-1 (bug #969471)
[buster] - cryptsetup <not-affected> (Vulnerable code not present)
[stretch] - cryptsetup <not-affected> (Vulnerable code not present)
@@ -23912,8 +23932,7 @@ CVE-2020-14349 (It was found that PostgreSQL versions
before 12.4, before 11.9 a
NOTE: https://www.postgresql.org/about/news/2060/
NOTE:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=11da97024abbe76b8c81e3f2375b2a62e9717c67
NOTE:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc
-CVE-2020-14348
- RESERVED
+CVE-2020-14348 (It was found in AMQ Online before 1.5.2 that injecting an
invalid fiel ...)
NOT-FOR-US: AMQ Online
CVE-2020-14347 (A flaw was found in the way xserver memory was not properly
initialize ...)
{DSA-4758-1 DLA-2359-1}
@@ -24039,8 +24058,7 @@ CVE-2020-14317
- wildfly <itp> (bug #752018)
CVE-2020-14316 (A flaw was found in kubevirt 0.29 and earlier. Virtual Machine
Instanc ...)
NOT-FOR-US: KubeVirt
-CVE-2020-14315
- RESERVED
+CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as
shipped in ...)
- bsdiff <unfixed> (bug #964796)
[buster] - bsdiff <no-dsa> (Minor issue)
[stretch] - bsdiff <no-dsa> (Minor issue)
@@ -24082,8 +24100,7 @@ CVE-2020-14308 (In grub2 versions before 2.06 the grub
memory allocator doesn't
NOTE:
https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans
(EJB) ver ...)
- wildfly <itp> (bug #752018)
-CVE-2020-14306
- RESERVED
+CVE-2020-14306 (An incorrect access control flaw was found in the operator,
openshift- ...)
NOT-FOR-US: OpenShift
CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module]
RESERVED
@@ -25068,8 +25085,7 @@ CVE-2020-13930
RESERVED
CVE-2020-13929
RESERVED
-CVE-2020-13928
- RESERVED
+CVE-2020-13928 (Apache Atlas before 2.1.0 contain a XSS vulnerability. While
saving se ...)
NOT-FOR-US: Apache Atlas
CVE-2020-13927
RESERVED
@@ -26817,8 +26833,8 @@ CVE-2020-13261 (Amazon EKS credentials disclosure in
GitLab CE/EE 12.6 and later
NOTE:
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13260
RESERVED
-CVE-2020-13259
- RESERVED
+CVE-2020-13259 (A vulnerability in the web-based management interface of RAD
SecFlow-1 ...)
+ TODO: check
CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS,
as demo ...)
NOT-FOR-US: Contentful
CVE-2020-13257
@@ -34623,8 +34639,7 @@ CVE-2020-10783 (Red Hat CloudForms 4.7 and 5 is
affected by a role-based privile
NOT-FOR-US: Red Hat CloudForm
CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible
version ...)
NOT-FOR-US: Ansible Tower
-CVE-2020-10781 [zram sysfs resource consumption]
- RESERVED
+CVE-2020-10781 (A flaw was found in the Linux Kernel before 5.8-rc6 in the
ZRAM kernel ...)
- linux 5.7.10-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -34717,8 +34732,7 @@ CVE-2020-10759 (A PGP signature bypass flaw was found
in fwupd (all versions), w
NOTE: Fixed by:
https://github.com/fwupd/fwupd/commit/21f2d12fccef63b8aaa99ec53278ce18250b0444
(1.3.10)
NOTE: Introduced with:
https://github.com/fwupd/fwupd/commit/36a889034c3d34ae4ac4530ea7b6b16e82476fae
(0.1.2)
NOTE:
https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e
-CVE-2020-10758
- RESERVED
+CVE-2020-10758 (A vulnerability was found in Keycloak before 11.0.1 where DoS
attack i ...)
NOT-FOR-US: Keycloak
CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1
in the ...)
{DSA-4699-1 DSA-4698-1 DLA-2242-1}
@@ -34767,8 +34781,7 @@ CVE-2020-10749 (A vulnerability was found in all
versions of containernetworking
- golang-github-containernetworking-plugins 0.8.6-1
NOTE: https://github.com/containernetworking/plugins/pull/484
NOTE:
https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43
-CVE-2020-10748
- RESERVED
+CVE-2020-10748 (A flaw was found in Keycloak's data filter, in version 10.0.1,
where i ...)
NOT-FOR-US: Keycloak
CVE-2020-10747
REJECTED
@@ -34814,8 +34827,7 @@ CVE-2020-10735
RESERVED
CVE-2020-10734
RESERVED
-CVE-2020-10733
- RESERVED
+CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes
system-provided ...)
- postgresql-12 <not-affected> (Windows-specific)
- postgresql-11 <not-affected> (Windows-specific)
- postgresql-9.6 <not-affected> (Windows-specific)
@@ -34882,8 +34894,7 @@ CVE-2020-10719 (A flaw was found in Undertow in
versions before 2.1.1.Final, reg
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459
NOTE: https://issues.redhat.com/browse/UNDERTOW-1708 (not public)
NOTE: most likely fixed by
https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf
-CVE-2020-10718
- RESERVED
+CVE-2020-10718 (A flaw was found in Wildfly before
wildfly-embedded-13.0.0.Final, wher ...)
- wildfly <itp> (bug #752018)
CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file
system dae ...)
- qemu 1:5.0-5 (bug #959746)
@@ -34895,8 +34906,7 @@ CVE-2020-10717 (A potential DoS flaw was found in the
virtio-fs shared file syst
CVE-2020-10716
RESERVED
NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job
Invocation
-CVE-2020-10715
- RESERVED
+CVE-2020-10715 (A content spoofing vulnerability was found in the
openshift/console 3. ...)
NOT-FOR-US: Openshift Web Console
CVE-2020-10714
RESERVED
@@ -42230,8 +42240,8 @@ CVE-2020-7735
RESERVED
CVE-2020-7734
RESERVED
-CVE-2020-7733
- RESERVED
+CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to
Regular Expre ...)
+ TODO: check
CVE-2020-7732
RESERVED
CVE-2020-7731
@@ -42683,16 +42693,16 @@ CVE-2020-7534
RESERVED
CVE-2020-7533
RESERVED
-CVE-2020-7532
- RESERVED
-CVE-2020-7531
- RESERVED
-CVE-2020-7530
- RESERVED
-CVE-2020-7529
- RESERVED
-CVE-2020-7528
- RESERVED
+CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability
exists in SC ...)
+ TODO: check
+CVE-2020-7531 (A CWE-284 Improper Access Control vulnerability exists in
SCADAPack 7x ...)
+ TODO: check
+CVE-2020-7530 (A CWE-285 Improper Authorization vulnerability exists in
SCADAPack 7x ...)
+ TODO: check
+CVE-2020-7529 (A CWE-22 Improper Limitation of a Pathname to a Restricted
Directory ( ...)
+ TODO: check
+CVE-2020-7528 (A CWE-502 Deserialization of Untrusted Data vulnerability
exists in SC ...)
+ TODO: check
CVE-2020-7527 (Incorrect Default Permission vulnerability exists in SoMove
(V2.8.1) a ...)
NOT-FOR-US: Schneider
CVE-2020-7526 (Improper Input Validation vulnerability exists in PowerChute
Business ...)
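Review bot: The five added entries CVE-2020-7528 through CVE-2020-7532 all carry `TODO: check`, while the neighbouring CVE-2020-7527 directly below them is already tagged `NOT-FOR-US: Schneider`. The visible descriptions name SCADAPack 7x; if that product falls under the same vendor tag, close all five in one pass with identical NOT-FOR-US wording so the block stays consistent and greppable.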
@@ -44556,8 +44566,8 @@ CVE-2020-6783
RESERVED
CVE-2020-6782
RESERVED
-CVE-2020-6781
- RESERVED
+CVE-2020-6781 (Improper certificate validation for certain connections in the
Bosch S ...)
+ TODO: check
CVE-2020-6780
RESERVED
CVE-2020-6779
@@ -46330,8 +46340,8 @@ CVE-2020-6148
RESERVED
CVE-2020-6147
RESERVED
-CVE-2020-6146
- RESERVED
+CVE-2020-6146 (An exploitable code execution vulnerability exists in the
rendering fu ...)
+ TODO: check
CVE-2020-6145 (An SQL injection vulnerability exists in the
frappe.desk.reportview.ge ...)
NOT-FOR-US: ERPNext
CVE-2020-6144 (A remote code execution vulnerability exists in the install
functional ...)
@@ -49985,8 +49995,8 @@ CVE-2020-4710
RESERVED
CVE-2020-4709
RESERVED
-CVE-2020-4708
- RESERVED
+CVE-2020-4708 (IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose
some infor ...)
+ TODO: check
CVE-2020-4707
RESERVED
CVE-2020-4706
@@ -50583,8 +50593,8 @@ CVE-2020-4411 (The Spectrum Scale 4.2.0.0 through
4.2.3.21 and 5.0.0.0 through 5
NOT-FOR-US: IBM
CVE-2020-4410 (IBM Jazz Foundation and IBM Engineering products could allow an
authen ...)
NOT-FOR-US: IBM
-CVE-2020-4409
- RESERVED
+CVE-2020-4409 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a
remote attac ...)
+ TODO: check
CVE-2020-4408 (The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for
IBM QRada ...)
NOT-FOR-US: IBM
CVE-2020-4407
@@ -51450,16 +51460,16 @@ CVE-2020-3992
RESERVED
CVE-2020-3991
RESERVED
-CVE-2020-3990
- RESERVED
-CVE-2020-3989
- RESERVED
-CVE-2020-3988
- RESERVED
-CVE-2020-3987
- RESERVED
-CVE-2020-3986
- RESERVED
+CVE-2020-3990 (VMware Workstation (15.x) and Horizon Client for Windows (5.x
before 5 ...)
+ TODO: check
+CVE-2020-3989 (VMware Workstation (15.x) and Horizon Client for Windows (5.x
before 5 ...)
+ TODO: check
+CVE-2020-3988 (VMware Workstation (15.x) and Horizon Client for Windows (5.x
before 5 ...)
+ TODO: check
+CVE-2020-3987 (VMware Workstation (15.x) and Horizon Client for Windows (5.x
before 5 ...)
+ TODO: check
+CVE-2020-3986 (VMware Workstation (15.x) and Horizon Client for Windows (5.x
before 5 ...)
+ TODO: check
CVE-2020-3985
RESERVED
CVE-2020-3984
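Review bot: CVE-2020-3986 through CVE-2020-3990 are added with `TODO: check` and with descriptions that are identical up to the truncation point ("VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ..."), so the list alone does not show how the five issues differ. Triage should work from the full descriptions and apply one consistent tag to all five instead of resolving them one at a time from this text.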
@@ -51470,8 +51480,8 @@ CVE-2020-3982
RESERVED
CVE-2020-3981
RESERVED
-CVE-2020-3980
- RESERVED
+CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation
vulnerability due ...)
+ TODO: check
CVE-2020-3979
RESERVED
CVE-2020-3978
@@ -56721,86 +56731,59 @@ CVE-2020-2280
RESERVED
CVE-2020-2279
RESERVED
-CVE-2020-2278
- RESERVED
+CVE-2020-2278 (Jenkins Storable Configs Plugin 1.0 and earlier does not
restrict the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2277
- RESERVED
+CVE-2020-2277 (Jenkins Storable Configs Plugin 1.0 and earlier allows users
with Job/ ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2276
- RESERVED
+CVE-2020-2276 (Jenkins Selection tasks Plugin 1.0 and earlier executes a
user-specifi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2275
- RESERVED
+CVE-2020-2275 (Jenkins Copy data to workspace Plugin 1.0 and earlier does not
limit w ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2274
- RESERVED
+CVE-2020-2274 (Jenkins ElasTest Plugin 1.2.1 and earlier stores its server
password u ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2273
- RESERVED
+CVE-2020-2273 (A cross-site request forgery (CSRF) vulnerability in Jenkins
ElasTest ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2272
- RESERVED
+CVE-2020-2272 (A missing permission check in Jenkins ElasTest Plugin 1.2.1 and
earlie ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2271
- RESERVED
+CVE-2020-2271 (Jenkins Locked Files Report Plugin 1.6 and earlier does not
escape loc ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2270
- RESERVED
+CVE-2020-2270 (Jenkins ClearCase Release Plugin 0.3 and earlier does not
escape the c ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2269
- RESERVED
+CVE-2020-2269 (Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not
escape vie ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2268
- RESERVED
+CVE-2020-2268 (A cross-site request forgery (CSRF) vulnerability in Jenkins
MongoDB P ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2267
- RESERVED
+CVE-2020-2267 (A missing permission check in Jenkins MongoDB Plugin 1.3 and
earlier a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2266
- RESERVED
+CVE-2020-2266 (Jenkins Description Column Plugin 1.3 and earlier does not
escape the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2265
- RESERVED
+CVE-2020-2265 (Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and
earlier does ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2264
- RESERVED
+CVE-2020-2264 (Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape
the job ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2263
- RESERVED
+CVE-2020-2263 (Jenkins Radiator View Plugin 1.29 and earlier does not escape
the full ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2262
- RESERVED
+CVE-2020-2262 (Jenkins Android Lint Plugin 2.6 and earlier does not escape the
annota ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2261
- RESERVED
+CVE-2020-2261 (Jenkins Perfecto Plugin 1.17 and earlier executes a command on
the Jen ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2260
- RESERVED
+CVE-2020-2260 (A missing permission check in Jenkins Perfecto Plugin 1.17 and
earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2259
- RESERVED
+CVE-2020-2259 (Jenkins computer-queue-plugin Plugin 1.5 and earlier does not
escape t ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2258
- RESERVED
+CVE-2020-2258 (Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier
does not ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2257
- RESERVED
+CVE-2020-2257 (Jenkins Validating String Parameter Plugin 2.4 and earlier does
not es ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2256
- RESERVED
+CVE-2020-2256 (Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier
does not e ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2255
- RESERVED
+CVE-2020-2255 (A missing permission check in Jenkins Blue Ocean Plugin 1.23.2
and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2254
- RESERVED
+CVE-2020-2254 (Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an
undocumented ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2253
- RESERVED
+CVE-2020-2253 (Jenkins Email Extension Plugin 2.75 and earlier does not
perform hostn ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2252
- RESERVED
+CVE-2020-2252 (Jenkins Mailer Plugin 1.32 and earlier does not perform
hostname valid ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2251 (Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier
transmits ...)
NOT-FOR-US: Jenkins plugin
@@ -58623,8 +58606,7 @@ CVE-2020-1749 (A flaw was found in the Linux kernel's
implementation of some net
[buster] - linux 4.19.118-1
[stretch] - linux 4.9.228-1
NOTE:
https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2
-CVE-2020-1748
- RESERVED
+CVE-2020-1748 (A flaw was found in all supported versions before
wildfly-elytron-1.6. ...)
- wildfly <itp> (bug #752018)
CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in
versions befor ...)
- pyyaml 5.3-2 (bug #953013)
@@ -58800,8 +58782,7 @@ CVE-2020-1711 (An out-of-bounds heap buffer access flaw
was found in the way the
- qemu-kvm <removed>
NOTE: Upstream patch:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc
(5.0)
NOTE: https://www.openwall.com/lists/oss-security/2020/01/23/3
-CVE-2020-1710
- RESERVED
+CVE-2020-1710 (The issue appears to be that JBoss EAP 6.4.21 does not parse
the field ...)
NOT-FOR-US: JBoss EAP
CVE-2020-1709 (A vulnerability was found in all openshift/mediawiki 4.x.x
versions pr ...)
NOT-FOR-US: openshift
@@ -58849,8 +58830,7 @@ CVE-2020-1695 (A flaw was found in all resteasy 3.x.x
versions prior to 3.12.0.F
- resteasy <undetermined>
- resteasy3.0 <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462
-CVE-2020-1694
- RESERVED
+CVE-2020-1694 (A flaw was found in all versions of Keycloak before 10.0.0,
where the ...)
NOT-FOR-US: Keycloak
CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was
vulnerabl ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da7ccf054b6018e187e1fa2a1bd61a1d5368d50a
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits